Report - xat.com/flirt

Report Overview

Visited public
2025-02-19 16:51:52
Tags
URL
xat.com/flirt
Finishing URL
xat.com/flirt
IP / ASN
172.67.38.142
#13335 CLOUDFLARENET
Title
xat Flirt chat

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-02-19	1.8 kB	121 kB	104.17.25.14
xat.com	335294	1997-09-20	2012-05-23	2025-02-18	5.5 kB	1.2 MB	172.67.38.142
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-02-19	426 B	111 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-02-19	medium	xat.com/content/web/R00206/common.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	xat.com/content/web/R00206/common.js	ScriptElement	911 kB	2025-02-10	2025-02-19
Pretty URL xat.com/content/web/R00206/common.js IP 172.67.38.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-10 07:55 Last Seen2025-02-19 17:10 Times Seen96 Hash 2bbff048091371db4ea02444ac360f57 9d5cfdd724f0e524f0d721269d983fed417a30ba ed567aaa9291e260f973c8415255872054fedc66146a8463eb450d4c7996aef5 Loading...

	xat.com/content/web/R00206/lib/jquery.localize.js	ScriptElement	2.2 kB	2023-03-07	2025-03-11
Pretty URL xat.com/content/web/R00206/lib/jquery.localize.js IP 172.67.38.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11 Last Seen2025-03-11 21:33 Times Seen2543 Hash 0bd1f24c520de8776095ab9d2e9de2a1 471abdec03596ef981f2f38de48a3a99b3959706 99330f241956c44236cb84cef7ee89bbcf2dde089772d1465a1c7e36c1475835 Loading...

	xat.com/content/web/R00206/direct.js	ScriptElement	513 kB	2025-02-10	2025-02-19
Pretty URL xat.com/content/web/R00206/direct.js IP 172.67.38.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-10 07:55 Last Seen2025-02-19 17:10 Times Seen96 Hash 6968aa07dc343b95046b4d23c45478dd 2a59110b892e692907b3194d6a84a17704100fcf 1552b308397cc6f4361f7964359d480fa1e153c8b241be2fade1d74c684cebd5 Loading...

	www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9	ScriptElement	324 kB	2025-02-19	2025-02-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-19 16:46 Last Seen2025-02-19 16:51 Times Seen2 Hash df695fcfef76f4c9cd64d0c6a3e9605b 879f90d5ed6439480d8c84fca6efd724146dd397 ac81af359fc058255194ee4f0e27a96b23cf198c480a7f3cfc74592617631a70 Loading...

	xat.com/content/web/R00206/pwa.js?z4	ScriptElement	81 kB	2025-02-10	2025-02-19
Pretty URL xat.com/content/web/R00206/pwa.js?z4 IP 172.67.38.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-10 07:55 Last Seen2025-02-19 17:10 Times Seen96 Hash 33cbc4d66ddb9f5cae0b11f99bb218c0 597170dc098b95622e83a07d987879fe09b496b6 07d6158a989f328fe2ba2834217ac579d0e7eaf5727b8265301d8fa9f09f62e3 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-23 04:14 Times Seen110220 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js	ScriptElement	52 kB	2023-03-07	2025-03-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11 Last Seen2025-03-11 21:33 Times Seen2547 Hash 9c17b78b7bdf4820e70c04330ed2b155 47f412c1800686b459c053bf3fb6c0f8a0421833 4a82f849e9618156eef475449fe30bc64aa9d4b9aa172764fd069ca90d41dd5f Loading...

	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js	ScriptElement	84 kB	2023-03-07	2025-05-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-22 15:30 Times Seen6169 Hash 7f389f5d2622ce2090eca7c36bcb90bc ab27031159724e2421f6ff5c70f48e657abe9d39 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01 Loading...

HTTP Transactions (16)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css

104.17.25.14

200 OK

18 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
ASCII text, with very long lines (65326)
Size
18 kB (17717 bytes)
Hash
023b3876bb73aa541367fc40a193d2b7
8ed2d6350d23f857d92805737d0f97c675de666b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: text/css; charset=utf-8
content-length: 17717
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f85cefb-27288"
last-modified: Tue, 13 Oct 2020 15:59:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 82892
expires: Mon, 09 Feb 2026 16:51:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ibVyccp%2F5yuuIOmMvvj%2F8r9DHupecySu%2Bfdsa%2FQSdG5jZI%2BqdX%2Bm%2FMT0qBAapZvEuiUj3PfUiRXgBSF%2FVRnqsyl2ayXdA%2F7JE404u5GXn9FAcsJyraLnyu1grJoJDQdowmBYIlJq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9147c3025c340b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xat.com/content/web/R00206/img/favicon-16x16.png

172.67.38.142

200 OK

638 B

URL GET HTTP/2
xat.com/content/web/R00206/img/favicon-16x16.png
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
638 B (638 bytes)
Hash
11242f8dd27c9c81933b6d6027783b4d
ca9cc26ea8c806e91ad2b8f1c7c3f0fc1058616c
db10e510c768f5c061989c0fe414fff937b764150c84365af7964596e5deab16

HTTP Headers

GET /content/web/R00206/img/favicon-16x16.png HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: image/png
content-length: 638
last-modified: Thu, 13 Jul 2023 16:18:21 GMT
etag: "64b023cd-27e"
expires: Fri, 14 Mar 2025 08:56:01 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 633326
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c302db337130-OSL
X-Firefox-Spdy: h2

xat.com/images/app/apple-touch-icon.png

172.67.38.142

200 OK

4.5 kB

URL GET HTTP/2
xat.com/images/app/apple-touch-icon.png
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
4.5 kB (4544 bytes)
Hash
79f8bb1d5de761929bb222df125cb9c9
91b74fa4b5b77a1002137f4b07356befa5c0e962
8f514eed8bbd7b44669a13af85315d26eb0cf783af15068591e814e9e04e3935

HTTP Headers

GET /images/app/apple-touch-icon.png HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: image/png
content-length: 4544
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: origSize=4660
access-control-allow-origin: *
etag: "5fd5cffa-1234"
expires: Mon, 03 Mar 2025 13:20:57 GMT
last-modified: Sun, 13 Dec 2020 08:25:30 GMT
cf-cache-status: HIT
age: 1567830
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c302db2c7130-OSL
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 570125
expires: Mon, 09 Feb 2026 16:51:27 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K8Cty0cEQP4r%2BhYINWTZsJXI0WaWnHTHVcOqJOnKT%2BMX1fL8DCklS1S4irq5T18%2F%2BvSn4ZbJDJLYIAtQm1dE5Q5dCaaDkWi8xnUsjqRD%2FnTE4YDNQk2LsaNZcy%2BFlGloa%2FMV6u5x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9147c3034f5a7128-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js

104.17.25.14

200 OK

19 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
19 kB (19143 bytes)
Hash
7f389f5d2622ce2090eca7c36bcb90bc
ab27031159724e2421f6ff5c70f48e657abe9d39
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 19143
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f85cefb-148b8"
last-modified: Tue, 13 Oct 2020 15:59:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 588531
expires: Mon, 09 Feb 2026 16:51:27 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1DNG4jGPhj92oAoAxlmQOV%2FcDjEQ%2Bu2aSPpIITgAlXOfd56Yige9s4GZ9dkh459Ox%2FaYVdqlUvsHDts9hqt4XDVYKnu3dgTNi%2FuGalgIbWLoTKIguemlL6R3NUoMTUHV8%2F7tWXa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9147c3039fc87128-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

xat.com/content/web/R00206/direct.html

172.67.38.142

403 Forbidden

16 kB

URL GET HTTP/2
xat.com/content/web/R00206/direct.html
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
HTML document, ASCII text, with very long lines (8272), with no line terminators
Size
16 kB (16124 bytes)
Hash
6a33e068d278aa9ff5529532f690648d
2355eae292e2559dc7913f7a496c00e04b1fa287
b260391d32f0f5c8b2b0b59970b004147b359a52bb40e06abfd461f2a4a129bd

HTTP Headers

GET /content/web/R00206/direct.html HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xat.com/flirt
DNT: 1
Connection: keep-alive
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
server-timing: chlray;desc="9147c3031b9b7130"
cf-chl-out: 8TpKHLBHBee1DpmUG2wtWsjbhdo1f7KvpoAD1y+LfAFIEqueMbaaPWZ+zE6qHXJqX7gWDvBcnaqkuke584Zif1DI6raAyDtu+e1f/lVVkH00A/dFSBnWaqhuNiuSBRBVPp26MZFsiVtX3c1+P92cYw==$7Am9AhtaDR1gnCitbtwFCg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c3031b9b7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

xat.com/content/web/R00206/common.js

172.67.38.142

200 OK

567 kB

URL GET HTTP/2
xat.com/content/web/R00206/common.js
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
567 kB (566852 bytes)
Hash
2bbff048091371db4ea02444ac360f57
9d5cfdd724f0e524f0d721269d983fed417a30ba
ed567aaa9291e260f973c8415255872054fedc66146a8463eb450d4c7996aef5

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /content/web/R00206/common.js HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: application/javascript
last-modified: Sun, 09 Feb 2025 11:25:30 GMT
etag: W/"67a890aa-de66f"
expires: Thu, 20 Feb 2025 16:06:23 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 2704
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c3039c757130-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9

142.250.74.168

200 OK

110 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint65:8D:A3:B8:35:26:DF:86:1E:F6:68:B3:C0:3F:9A:71:5D:3D:F0:F1
ValidityMon, 27 Jan 2025 08:35:27 GMT - Mon, 21 Apr 2025 08:35:26 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
110 kB (109721 bytes)
Hash
df695fcfef76f4c9cd64d0c6a3e9605b
879f90d5ed6439480d8c84fca6efd724146dd397
ac81af359fc058255194ee4f0e27a96b23cf198c480a7f3cfc74592617631a70

HTTP Headers

GET /gtag/js?id=G-P4SDK5JMQ9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 19 Feb 2025 16:51:28 GMT
expires: Wed, 19 Feb 2025 16:51:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 109721
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xat.com/web_gear/chat/Announce.php?c=1739983888493

172.67.38.142

200 OK

197 B

URL GET HTTP/2
xat.com/web_gear/chat/Announce.php?c=1739983888493
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
197 B (197 bytes)
Hash
11e5e52d7ae0b491992948ce9f1eee3d
7ea81e5767ef6233bb57c156c3a10bfeecbbf255
f20d80f24c1c612b4abd7938480523fa89d491043a506c08b46e7fb581f95095

HTTP Headers

GET /web_gear/chat/Announce.php?c=1739983888493 HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xat.com/flirt
Content-type: application/x-www-form-urlencoded; charset=UTF-8
DNT: 1
Connection: keep-alive
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:28 GMT
content-type: application/json
cache-control: max-age=300, public, must-revalidate
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 9147c30719c37130-OSL
content-encoding: br
X-Firefox-Spdy: h2

xat.com/content/web/R00206/pwa.css

172.67.38.142

200 OK

490 B

URL GET HTTP/2
xat.com/content/web/R00206/pwa.css
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
ASCII text, with very long lines (490), with no line terminators
Size
490 B (490 bytes)
Hash
1b677fccc5be0f3744e5e8af37f66d8c
a21a525a43e4217ade11aacb9fd2f3f80c9fb6d7
2b181a7f46f30288369aadf240d5f981b082f6d15e376730a1860339d43bebee

HTTP Headers

GET /content/web/R00206/pwa.css HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: text/css
last-modified: Sun, 09 Feb 2025 11:26:21 GMT
etag: W/"67a890dd-1ea"
expires: Wed, 19 Feb 2025 19:29:32 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 76915
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c300e8077130-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js

104.17.25.14

200 OK

52 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (352)
Size
52 kB (52190 bytes)
Hash
9c17b78b7bdf4820e70c04330ed2b155
47f412c1800686b459c053bf3fb6c0f8a0421833
4a82f849e9618156eef475449fe30bc64aa9d4b9aa172764fd069ca90d41dd5f

HTTP Headers

GET /ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 10770
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e72-cbde"
last-modified: Mon, 04 May 2020 16:10:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 75898
expires: Mon, 09 Feb 2026 16:51:27 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1m4ysy00ugNAeRYLo3xZq8yxhhKUUKo%2Bpr2SfeOpd4ai8eHB8tROnu%2FwmWSXBHZwEkRjWiiFc%2FGb%2FOjlVV2bWMhFxY5XAtTxAtpwl4AlK0lXuZxYZmHBBMlomf%2F16dHg7uX2dL0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9147c3039fd17128-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

xat.com/content/web/R00206/pwa.js?z4

172.67.38.142

200 OK

81 kB

URL GET HTTP/2
xat.com/content/web/R00206/pwa.js?z4
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (81198 bytes)
Hash
33cbc4d66ddb9f5cae0b11f99bb218c0
597170dc098b95622e83a07d987879fe09b496b6
07d6158a989f328fe2ba2834217ac579d0e7eaf5727b8265301d8fa9f09f62e3

HTTP Headers

GET /content/web/R00206/pwa.js?z4 HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: application/javascript
last-modified: Sun, 09 Feb 2025 11:25:40 GMT
etag: W/"67a890b4-13d2e"
expires: Thu, 20 Feb 2025 15:39:58 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 4289
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c300e80c7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

xat.com/flirt

172.67.38.142

200 OK

4.8 kB

URL User Request GET HTTP/2
xat.com/flirt
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
HTML document, ASCII text, with very long lines (5076), with no line terminators
Size
4.8 kB (4820 bytes)
Hash
00f4342d5d1402ec525703e1a5a3fcb1
433148ecac9defee3ddd8eba080428a5195c9538
e7fa891a1e1850e6c2e07453aa5a0080321ef523104de3ef84578ed4e704a83d

HTTP Headers

GET /flirt HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=1800,public
content-encoding: gzip
cf-cache-status: DYNAMIC
vary: accept-encoding
set-cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq; SameSite=Lax; path=/; expires=Wed, 19-Feb-25 17:51:27 GMT; HttpOnly
server: cloudflare
cf-ray: 9147c2fc5fd17130-OSL
X-Firefox-Spdy: h2

xat.com/content/web/R00206/direct.css

172.67.38.142

200 OK

40 kB

URL GET HTTP/2
xat.com/content/web/R00206/direct.css
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
ASCII text, with very long lines (39897), with no line terminators
Size
40 kB (39897 bytes)
Hash
0821ed7c13663397dc3ea26be000e012
bdc0ffb64963f12e5023c317d19738263deceb3f
d26f4b14b1b0fafe83b8e4ed5e197dec5110cbf28a8949bbbfa6da1cc60dd12f

HTTP Headers

GET /content/web/R00206/direct.css HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:27 GMT
content-type: text/css
last-modified: Sun, 09 Feb 2025 11:26:18 GMT
etag: W/"67a890da-9bd9"
expires: Wed, 19 Feb 2025 19:29:34 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
content-encoding: gzip
cf-cache-status: HIT
age: 76913
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c302eb507130-OSL
X-Firefox-Spdy: h2

xat.com/content/web/R00206/lib/jquery.localize.js

172.67.38.142

200 OK

2.2 kB

URL GET HTTP/2
xat.com/content/web/R00206/lib/jquery.localize.js
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
JavaScript source, ASCII text, with very long lines (2227), with no line terminators
Size
2.2 kB (2172 bytes)
Hash
e4a04096e8980c1ee0a8b51cb9144d25
3e0b452f230ea0c0e880d112fa89c0b4a25add6e
38091255abfbeabb92252231c1bd72be2a9b3f4673f9a4beda900f7541081e6f

HTTP Headers

GET /content/web/R00206/lib/jquery.localize.js HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:28 GMT
content-type: application/javascript
last-modified: Tue, 15 Aug 2023 20:25:16 GMT
etag: W/"64dbdf2c-87c"
expires: Wed, 19 Feb 2025 17:02:39 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 85729
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c3053eef7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

xat.com/content/web/R00206/direct.js

172.67.38.142

200 OK

513 kB

URL GET HTTP/2
xat.com/content/web/R00206/direct.js
IP
172.67.38.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xat.com/flirt
Certificate
IssuerGoogle Trust Services
Subjectxat.com
Fingerprint7D:22:76:6C:4A:0E:0A:C0:71:99:B7:1A:4A:B7:1B:81:FA:48:EE:A9
ValidityMon, 03 Feb 2025 23:08:50 GMT - Mon, 05 May 2025 00:08:46 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
513 kB (512773 bytes)
Hash
6968aa07dc343b95046b4d23c45478dd
2a59110b892e692907b3194d6a84a17704100fcf
1552b308397cc6f4361f7964359d480fa1e153c8b241be2fade1d74c684cebd5

HTTP Headers

GET /content/web/R00206/direct.js HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/flirt
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd38Rap8kNdBq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Feb 2025 16:51:28 GMT
content-type: application/javascript
last-modified: Sun, 09 Feb 2025 11:25:33 GMT
etag: W/"67a890ad-7d305"
expires: Thu, 20 Feb 2025 16:37:01 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 867
vary: Accept-Encoding
server: cloudflare
cf-ray: 9147c3055f257130-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP